Apple Plugs Apache, App Flaws

By Jim Wagner
Posted Jan 27, 2004


For the second time this month, Apple has released security patches to correct vulnerabilities found in several versions of Mac OS X.

A "moderately critical" vulnerability in two Apache modules, mod_alias and mod_rewrite, could conceivably give a network user escalated privileges or let him or her launch a denial-of-service attack. Security officials also modified how mod_cgid communicates with CGI scripts, saying it was not "handled properly."

Apple also patched an unspecified vulnerability in the SystemConfiguration subsystem that allows network admins to change network settings and system configuration. Unspecified vulnerabilities were also found in the Mac OS X mail application, Safari Web browser, Windows file sharing and in the environment variables area.

Fixes have been issued for Mac OS X versions: 10.3.2 client and server; 10.2.8 client and server; and 10.1.5 client and server. They can be downloaded here.

Earlier this month, Apple patched a lower-priority vulnerability in the code that allowed a local user to "crash" SecurityServer by inputting a long password into a keychain. Several applications in Mac OS X cannot operate without SecurityServer, causing a denial of service.

This article was originally published on internetnews.com.
